Clemence Poirier (12:07)

And now a word from our sponsor. Knowbefore it's all connected and we're not talking conspiracy theories when it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint identity or web security vendors. Then coach your users at the moment. The risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more@knowbefore.com SecurityCoach that's knowbefore.com SecurityCoach and we thank KnowBefore for sponsoring our show.

Dave Buettner (13:40)

Imagine this. Your primary identity provider goes down. Whether it's a cloud outage, network issue, or even a cyber attack, suddenly your business grinds to a halt. But what if it didn't have to meet Identity Continuity from Strata, the game changing solution that keeps your business running smoothly no matter what. Whether your cloud IDP crashes or your on prem system faces a hiccup, Identity Continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption. Powered by the Mavericks Identity Orchestration platform, Identity Continuity uses smart health checks to monitor your IDPs availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback. No more downtime, no lost revenue, no frustrated customers, just continuous secure access to your critical applications every single time. Protect your business from the high costs of IDP outages. With Identity Continuity from Strata, downtime is a thing of the past. Visit Strada IO Cyberwire to learn how Strata's Identity Continuity can provide seamless enhanced capabilities to your existing identity fabric. And receive a free set of AirPods Pro.

Maria Varmazas (15:14)

Welcome back. Today our guest is Clemence Poirier, Senior Cyber Defense Researcher at the center for Security Studies at ETH Zurich. Clemence and I recently spoke about cybersecurity attacks in space, and following the interview, get some tips on how not to convince prospective customers that they should secure your services.

Clemence Poirier (15:34)

When the war in Ukraine started, of course, the invasion actually started with a cyber attack against the satellite, which is the now infamous fiasco. And prior to this there was very little interest from the space sector for cybersecurity issues and it was a bit overlooked, whether it's from engineers or the industry or public policies. So nobody really paid so much attention to that and the threat was a bit overlooked as well. But when the vase attack happened, it was a bit of something like the parallel board for the space industry. In some ways it was really a wake up call. So I decided back then to analyze this attack and analyze what happened, but also what that meant for Ukrainian armed forces and their ability to respond to the invasion, but also all the ripple effect that this attack created across Europe and what it also meant for the European space sector. And after this first attack I asked myself, okay, how many other attacks affected space systems in this conflict because everyone saw how Starlink is used to conduct military operations there, but also used by the civilian population, and how it's a central aspect of accessing connectivity there, but also how satellite images are used, how navigation, so GPS are used in the conflicts. So I asked myself, naturally there would be probably a lot of operation against space systems. So I decided to look into that. And so I crawled through hundreds and hundreds of Telegram channels, Twitter account, hacker forums and a bit weird websites, to be honest, and try to see and map groups that took sides in the conflict, because that's a big trend that happened in this war. Hacktivist group popped up and took sides in the conflict. And I decided to check how they would talk about space, how they would talk about attacking the satellites or the space sectors or space companies. And so I mapped hundreds of groups and I found 124 cyber operations that targeted the space sector in the context of the war. So by groups that either took side in the conflict or claimed that the attack was related to the conflict directly. And so that's the main finding of the report.

Maria Varmazas (18:49)

It's been really fascinating how much that viasat attack really changed the conversation about space cybersecurity. I think previously to that there was a sense of I'm not a military asset, I don't need to worry about it, or I'm in compliance with government security standards, so I'm fine, or nobody's targeting me. This is not an issue. The conversation has completely changed since then and especially with commercial players, as you mentioned, with StarLink and obviously Viasat as well. You know, there is a whole level of complexity that is there. I am so fascinated that you not only looked at the attack itself, but also what came after in those conversations. Because that's been actually a huge question I have had in the last two plus years is for adversaries, for threat actors, how has the conversation changed for them? What are they saying? What did you see from those conversations on all sides of the conflict? Is this a domain where people feel comfortable and what kind of attacks are they trying to leverage? Are they all similar? Are there a lot of different tactics being deployed? I'm sorry, I have so many questions. I'm so fascinated here.

Clemence Poirier (20:01)

What I first notice is that those hacker groups on their telegram channels, hacker forums, Twitter accounts, they really see space as a topic of fascination. So they really use space as a way to gather their communities and their members and create online engagement. So they very often talk about space exploration or whatever is in the news in space. They Sometimes share fun facts like the first time that coffee was brewed on the iss, or this kind of things that you would not really expect on a hacktivist group communication channel.

Maria Varmazas (20:51)

They're nerds at heart.

Clemence Poirier (20:54)

Exactly. And that's very funny because you don't see that about other sectors of the economy. But they also see space as an ultimate challenge and something that would bring a lot of media attention if they succeed, that is something that is perceived as more difficult to hack. So you see some groups that talk almost in a childish way, like, oh, should we. Can we hack a satellite? Should we hack a NASA satellite? And so they discuss about whether that's feasible or not. And they really see this as the final frontier for their cyber operations.

Maria Varmazas (21:49)

The notoriety. Yeah, yep.

Clemence Poirier (21:51)

Yes, that's definitely how it's perceived. But at the same time, when you look at their operations against the space sector, you also see that there are no groups that are specialized or entirely dedicated at targeting the space sector. So there's not one group that only targets the space sector. All the cyber operations that I could find were random, almost among bigger campaigns against specific countries. So it's quite the opposite, in fact, where they actually do not know so much about space. A lot of them say, oh, it was our first attack against satellite, or it was very complex for us to understand how the network was operating or how a satellite functions, or it was very hard to enter into the network. And so they really say acknowledge that and that difficulty. It also shows that maybe cybersecurity is a bit different in space than on Earth. And it's also interesting that Microsoft and OpenAI also disclosed that Russian hacker groups Fancy Bear also used ChatGPT to ask questions about how satellite communication functions and how to target them. So they didn't specify whether they could link it to an actual operation. But that also says that there's still a knowledge gap for threat actors about how to enter into a space system. So the space sector is not necessarily well protected. But because the nature of the system is a bit different, it also saves the sector a little bit.

Maria Varmazas (23:51)

You can find a link to the case study Clemence mentioned in our show notes.

Clemence Poirier (24:11)

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first ever Connectivity Cloud. Visit cloudflare.com to protect your business everywhere you do business.

Maria Varmazas (24:48)

And finally, in a bizarre mix of cybercrime and self promotion. Kansas City's Nicholas Kloster faces federal charges for allegedly hacking multiple organizations to pitch his cybersecurity services. The Department of Justice alleges that Kloster breached a gym, a nonprofit and a former employer, leaving behind a trail of audacity and damages. At the gym, Kloster reportedly bypassed security cameras and routers to access systems. He then emailed the owner offering his services to fix the vulnerabilities he exploited and not stopping there. He reduced his gym membership fee to $1, deleted his profile, took a staff name tag, all before flaunting the gym's compromised cameras on social media. Career limiting move. Weeks later, he allegedly struck a nonprofit using a boot disk to bypass authentication, install a VPN and change account credentials. The breach, by the way, forced the nonprofit to spend $5,000 on remediation and upgrades. Kloster also reportedly used stolen credit card data from a former employer to buy hacking tools, cementing his status as a rogue, and I quote here entrepreneur. While his alleged antics might sound like a movie plot, Kloster, we should note, faces up to 15 years in prison. His tale is a very good reminder. Real cybersecurity pros don't exploit systems, they protect them. And that's the CyberWire. For links to all of today's stories, check out our daily briefing over@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Also, please fill out the survey in the show notes or send an email to cyberwire2k. We're privileged that N2k cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your teams smarter. Learn how@n2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kielpi is our publisher and I'm Maria Varmazas in for Dave Vitner. Thanks for listening. We'll see you tomorrow.

Dave Buettner (28:03)

And now a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now, you can go to www.nordpass.com cyberwire for 35% off the NordPass business yearly plan.

Clemence Poirier (28:36)

Don't miss out on.